International preliminary examination report, established by the Authority entrusted with it under Article 35 and transmitted to the applicant in accordance with Article 36.

This REPORT consists of a total of 7 sheets, including this cover sheet.
In addition, ANNEXES are attached to the report; these comprise

a. […] sheets; these are

[…] and […] this report (see Rule 70.16 and Section 607 of the Administrative Instructions)

sheets which replace earlier sheets but which, for the reasons given in Box No. I […] Supplemental Box, the Authority considers to contain an amendment that goes beyond the […] international application as originally filed […]

[…] associated tables contained only in computer-readable form, as indicated in the Supplemental Box relating to the sequence listing (see Section 802 of the Administrative Instructions)

b. □

This report contains indications relating to the following items:

☒ Box No. I

□ Box No. II

□ Box No. III

□ Box No. IV

☒ Box No. V

□ Box No. VI

□ Box No. VII

Box No. I Basis of the report

With regard to the language, the report is based on the international application in the language in which it was
filed, unless otherwise indicated under this item.

□ The report is based on a translation from the original language into the following language […],
which is the language of the translation furnished for the purposes of:

□ international search (under Rules 12.3 and 23.1(b))

□ publication of the international application (under Rule 12.4)

□ international preliminary examination (under Rules 55.2 and/or 55.3)

With regard to the elements* of the international application, the report is based on (replacement sheets […]

Description, pages 1-14: as originally filed

Claims, Nos. 1-19: as amended under Article 19 (together with any statement)

Drawings, sheets 1/3-3/3: as originally filed

a sequence listing and/or associated tables - see Supplemental Box relating to the sequence listing

3. □ As a result of the amendments, the following documents have been cancelled:

□ Description: page

□ Claims: Nos.

□ Drawings: sheet/fig.

□ Sequence listing (specify):

□ any tables related to the sequence listing (specify):

4. […] Authority […]

□ Description: page

☒ Claims: Nos. 1-19

□ Drawings: sheet/fig.

□ Sequence listing (specify):

□ any tables related to the sequence listing (specify):

* If item 4 applies, some or all of these sheets may be marked "superseded".

Statement

Novelty (N)
Yes: Claims 1-19
No: Claims

Inventive step (IS)
Yes: Claims
No: Claims 1-19

Industrial applicability (IA)
Yes: Claims 1-19
No: Claims

2. Citations and explanations (Rule 70.7):
see supplemental sheet

INTERNATIONAL PRELIMINARY REPORT ON PATENTABILITY (SUPPLEMENTAL SHEET)

International file reference: PCT/EP2004/010545

Re Item V

Reasoned statement with regard to novelty […]

1. Reference is made to the following documents:

D1: D2: D3: D4: D5: D6:

[…] HAN DANNY (SG)) 15 November 2001 […] (SG); UM KAY
[…] 634 (MIC SYSTEMS) 3 January 2001 (2001-01-03)
US 2001/037264 A1 (HUSEMANN DIRK […]
US 2003/153298 A1 (EDER R[…]RD ET AL) 14 […] 2003 […]
US 2002/147658 A1 (KWAN KHAI HEE) 10 October 2002 (2002-10-10)

2. AMENDMENTS (ARTICLE 19 AND RULE 70.2(c) PCT)

2.1 The examining division is of the opinion that the […] under Article 19 […]
of the first […] is used to […] the identi[…]
description, page 5 […]; claim 14). The
possibility of debiting an account that is necessarily bound to the identification number
is disclosed in the original version only for certain embodiments (cf. e.g.
page 3, lines 4-10 and 28-30; page 6, lines 31-35; page 12, lines 26-33),
whereas the claims are worded more broadly and cover a wide range of embodiments.

The subject-matter of amended claims 1-19 therefore goes beyond the content of the
application as originally filed (Article 19 PCT).

2.4 Because of the objections mentioned above, the examination is restricted to the claims
as originally filed (Rule 70.2(c) PCT).



3. INVENTIVE STEP (ART. 33(3) PCT)

Independent claims

3.1 The present application does not meet the requirements of Article 33(1) PCT, because
the subject-matter of claim 1 does not involve an inventive step within the meaning of
Article 33(3) PCT.

3.2 The subject-matter of that claim defines a method for processing an
electronic transaction which combines well-known method steps of two classes.
In particular, steps from known methods for authorising
an electronic transaction by means of (at least) two different
communication networks are combined with steps from known methods for paying for
such transactions by means of customer accounts existing at service providers.

3.3 In the methods of the first class (cf. e.g. documents D1-D3), two
communication terminals, connected to two different communication networks,
are used by a customer. When the customer initiates the payment by means of the first device,
a payment server (or the like) sends a transaction number to one device,
which the customer sends back to the payment server by means of the other device.
If this transaction number matches the one that was
originally generated, the transaction is confirmed.

3.4 In the methods of the second class (cf. e.g. D4-D6), the customer is recognised and
charged in an electronic transaction by means of his identification data in a
communication network (e.g. by means of his mobile phone number).

3.5 The subject-matter of claim 1 consists of a combination of well-known
features of methods from the two given classes which does not produce any
inventive functional interaction. This combination therefore consists
merely in a juxtaposition or aggregation of known methods,
each functioning in its normal way, and cannot be regarded as inventive
(Art. 33(3) PCT).

The subject-matter of claim 1 therefore does not involve an inventive step
(Article 33(3) PCT).

3.6 The same reasoning applies correspondingly to independent claim 2, in which a
variant of the method of claim 1 is defined. The differences between
these claims are merely obvious method steps from
which the skilled person would select according to the circumstances, without exercising
inventive skill, in order to process the electronic transaction.

The subject-matter of claim 2 therefore does not involve an inventive step
(Article 33(3) PCT).

Dependent claims

3.7 The dependent claims 3-19 contain no features which, in combination with the
features of any claim to which they refer, meet the requirements of the
PCT with respect to inventive step. The additional features defined
therein are generally known from the prior art and fall within
what a skilled person customarily does on the basis of considerations familiar to him,
especially as the advantages thereby achieved can readily be foreseen
(cf. e.g. D1-D6 and the corresponding passages indicated in the search
report).

The subject-matter of claims 3-19 therefore does not involve an inventive
step (Article 33(3) PCT).

(57) Abstract: An electronic transaction system (10) for validating electronic transactions of a user of system (10) is described. System (10) includes a system controller (11) that couples to a service provider (12) of a wireless communication system (13), the Internet (14) and a merchant acquirer (15). System (10) supports electronic transactions such as payment for goods and services. An electronic transaction is initiated from either a user transaction device (17) or a merchant transaction device (19). Controller (11) then communicates transaction and user information with devices (17, 19) via the Internet (14) or a private transaction network (20). In one type of transaction, the user information has an identification code identifying communication device (16). In another type of transaction, a transaction code is sent to communication device (16). Upon controller (11) verifying the user, the transaction is validated and a message is sent directly to communication device (16).

ELECTRONIC TRANSACTION SYSTEM AND METHODS THEREOF

Field of the Invention

This invention relates to non-cash electronic transactions such as credit card
payments for goods and services. In particular, this invention relates to an electronic
transaction system to prevent or at least alleviate transaction fraud and methods
thereof.

Background

Payments for goods and services are made through various commercial
instruments such as, for example, cash, checks, and credit cards. Use of non-cash
instruments has grown both in terms of volume as well as popularity. This use is
expected to accelerate especially with the proliferation of electronic commerce
(e-commerce) via the Internet.

For non-cash instruments and, in particular, credit cards, the accuracy of
identifying and authenticating purchasers is critical in order to avoid payment fraud.
To identify or authenticate a user of a credit card, a merchant has to examine the
credit card to detect forgery as well as verify data stored in a magnetic data strip of
the credit card. Typically, such data includes user information that is electronically
extracted and processed to validate an electronic transaction. Processing generally
involves electronically relaying the user information to a company that issued the
credit card or agents of such a company.

Generally, fraudulent use of credit cards in face-to-face transactions involves
criminal syndicates because the entire process for such fraudulent use requires
multiple parties and large resources to produce forged credit cards. While credit card
companies use more sophisticated printing processes to prevent unauthorized
reproduction of credit cards, such processes are still accessible to criminal
syndicates.

In addition to the physical appearance of a credit card, the data stored in the
magnetic data strip can be copied or reproduced. For electronic transactions such as
purchasing goods via the Internet, fraud is more easily committed because such fraud
only requires the data stored for a credit card. This is because the credit card does not
need to be physically provided to validate Internet transactions. Hence, individuals
who have access to the data of the credit cards can commit credit card fraud via
Internet transactions.

The above problems of fraud in an electronic transaction system are further
compounded by the possibility of unauthorized access to locations in which credit
card information of customers is stored. Security of these locations is not practically
monitored by any public or private regulatory bodies and, currently, does not
conform to any internationally acceptable security standards.

Conventionally, an electronic transaction system has locations at which
confidential information is stored. The electronic transaction system typically
enables user access via assigned user identification (ID) and passwords. Generally, to
protect against unauthorized access to such locations, user accounts are suspended
after a predetermined number of attempts. However, suspending user accounts is
inconvenient to users as well as service providers because computer hackers can then
cause widespread access denial. Such widespread access denial requires considerable
efforts to reinstate suspended user accounts. Reinstating suspended user accounts can
be costly in terms of time, loss of use, administrative expenses and, most
importantly, loss of confidence in an electronic transaction system.

Consequently, verification and authentication have to be reduced to a
practical level to accommodate users having varying levels of technological
knowledge and capability. On the other hand, the protection of confidential
information such as user ID and passwords has to be maintained at a sufficient level
of security to attain user confidence.



WO 01/86539 



PCT/SG00/00180 



Credit card fraud accounts for significant losses of credit card companies and
merchants that provide for credit card billings. Without major enhancements to
existing credit card payment systems, the impact of credit card fraud, especially for
merchants who conduct business on the Internet, is likely to increase. Therefore, in
view of the above problems and constraints, there is a need for an electronic
transaction system to prevent or at least alleviate credit card fraud and yet that has
security features that are practically applied by users.



Summary

In accordance with one aspect of the invention, there is disclosed an
electronic transaction system for validating a transaction of a user of the electronic
transaction system, the electronic transaction system having a system controller,
includes:

means for receiving, by the system controller of the electronic transaction
system, transaction information and user information from a transaction
device coupled to the system controller, the transaction information and the
user information being respectively associated with the transaction and the
user;

means for receiving, by the system controller from a wireless portable
communication device associated with the user, at least one identification
code associated with the wireless portable communication device;

means for verifying, by the system controller, the at least one
identification code and the user information based upon registered
information of the user, the registered information being stored in association
with the system controller;

and

means for determining, by the controller, whether to validate the
transaction in response to the verifying.



Generally, the electronic transaction system can further include means for
invalidating the transaction when either the at least one identification code or the user
information is not verified.

Typically, the determining means can include means for checking credit
information of the user, the credit information being stored in association with the
system controller.

More typically, the electronic transaction system can further include means
for validating the transaction based upon the checking.

Yet more typically, the electronic transaction system can further include
means for transmitting at least one message to the wireless portable communication
device upon validating the transaction.

Generally, the means for receiving the transaction information and the user
information can include means for prompting the user to provide at least one input to
obtain at least some of the user information.

In accordance with another aspect of the invention, there is disclosed an
electronic transaction system for validating a transaction of a user of the electronic
transaction system, the electronic transaction system having a system controller,
includes:

means for receiving, by the system controller of the electronic transaction
system, transaction information and user information from a transaction
device coupled to the system controller, the transaction information and the
user information being respectively associated with the transaction and the
user;






means for transmitting, by the system controller to a wireless portable
communication device associated with the user, at least one transaction code
associated with the transaction;

means for receiving, by the system controller via the transaction device,
the at least one transaction code for verification;

and

means for determining, by the system controller, whether to validate the
transaction based upon the verification.

Generally, the electronic transaction system can further include means for
invalidating the transaction when the verification of the at least one transaction code
fails.

Typically, the determining means can include means for checking credit
information of the user, the credit information being stored in association with the
system controller.

More typically, the electronic transaction system can further include means
for validating the transaction based upon the checking.

Yet more typically, the electronic transaction system can further include
means for transmitting at least one message to the wireless portable communication
device upon validating the transaction.

Generally, the means for receiving the transaction information and the user
information can include means for prompting the user to provide at least one input to
obtain at least some of the user information.

In accordance with another aspect of the invention, there is disclosed a
method for validating a transaction of a user of an electronic transaction system, the
method including the steps of:

receiving, by a system controller of the electronic transaction system,
transaction information and user information from a transaction device
coupled to the system controller, the transaction information and the user
information being respectively associated with the transaction and the user;

receiving, by the system controller from a wireless portable
communication device associated with the user, at least one identification
code associated with the wireless portable communication device;

verifying, by the system controller, the at least one identification code
and the user information based upon registered information of the user, the
registered information being stored in association with the system controller;

and

determining, by the system controller, whether to validate the transaction
based upon the verifying step.



Generally, the method can further include the step of invalidating the 
transaction when either the at least one identification code or the user information is 
not verified. 

Typically, the determining step can include the step of checking credit 
information of the user, the credit information being stored in association with the 
system controller. 

More typically, the method can further include the step of validating the
transaction based upon the checking step.

Yet more typically, the method can further include the step of transmitting at
least one message to the wireless portable communication device upon validating the
transaction.

Generally, the step of receiving the transaction information and the user
information can include the step of prompting the user to provide at least one input to
obtain at least some of the user information.

In accordance with another aspect of the invention, there is disclosed a 
method for validating a transaction of a user of an electronic transaction system, the 
method including the steps of: 

receiving, by a system controller of the electronic transaction system,
transaction information and user information from a transaction device
coupled to the system controller, the transaction information and the user
information being respectively associated with the transaction and the user;

transmitting, by the system controller to a wireless portable 
communication device associated with the user, at least one transaction code 
associated with the transaction; 

receiving, by the system controller via the transaction device, the at least 
one transaction code for verification; 



and 



determining, by the system controller, whether to validate the transaction 
based upon the verification. 

Generally, the method can further include the step of invalidating the
transaction when the verification of the at least one transaction code fails.

Typically, the determining step can include the step of checking credit 
information of the user, the credit information being stored in association with the 
system controller. 

More typically, the method can further include the step of validating the 
transaction based upon the checking step. 

Yet more typically, the method can further include the step of transmitting at 
least one message to the wireless portable communication device upon validating the 
transaction. 

Generally, the step of receiving the transaction information and the user 
information can include the step of prompting the user to provide at least one input to 
obtain at least some of the user information. 
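
The transaction-code method described above, as an added example in Python (not code from the patent): the controller sends a one-time code to the registered wireless device, accepts it back from the transaction device, then runs the credit check and notifies the device. The code lifetime, the per-transaction attempt limit (used here instead of suspending the whole user account), the class and function names, and the sample phone number are assumptions of this sketch.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum

CODE_TTL_SECONDS = 120   # assumption: lifetime of a transaction code
MAX_ATTEMPTS = 3         # assumption: wrong codes tolerated per transaction


class Result(Enum):
    VALIDATED = "validated"
    RETRY = "wrong code, retry allowed"
    LOCKED = "invalidated: too many wrong codes"
    EXPIRED = "invalidated: code expired"
    NO_CREDIT = "invalidated: credit check failed"
    UNKNOWN = "invalidated: unknown or already used transaction"


@dataclass
class Pending:
    user_id: str
    amount_cents: int
    code: str
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class SystemController:
    """Hypothetical controller holding registered devices and credit data."""

    def __init__(self, registered, credit, send_to_device, clock=time.time):
        self.registered = registered    # user_id -> wireless device number
        self.credit = credit            # user_id -> available credit in cents
        self.send = send_to_device      # callable(device, text), second channel
        self.clock = clock
        self.pending = {}               # txn_id -> Pending

    def initiate(self, user_id, amount_cents):
        """Transaction and user info arrive from the transaction device."""
        device = self.registered.get(user_id)
        if device is None:
            return None                 # user not registered: nothing is sent
        txn_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits
        self.pending[txn_id] = Pending(
            user_id, amount_cents, code, self.clock() + CODE_TTL_SECONDS)
        # The code travels only over the wireless channel, with the amount
        # so the user can see which transaction it authorises.
        self.send(device, f"Code {code} for payment of {amount_cents / 100:.2f}")
        return txn_id

    def confirm(self, txn_id, submitted_code):
        """The code comes back via the transaction device for verification."""
        p = self.pending.get(txn_id)
        if p is None:
            return Result.UNKNOWN
        if self.clock() > p.expires_at:
            del self.pending[txn_id]
            return Result.EXPIRED
        # Constant-time comparison avoids leaking matching digits via timing.
        if not hmac.compare_digest(submitted_code.encode(), p.code.encode()):
            p.attempts_left -= 1
            if p.attempts_left == 0:
                # Only this transaction is invalidated; the account stays usable.
                del self.pending[txn_id]
                return Result.LOCKED
            return Result.RETRY
        del self.pending[txn_id]        # single use: a replay finds nothing
        if self.credit.get(p.user_id, 0) < p.amount_cents:
            return Result.NO_CREDIT
        self.credit[p.user_id] -= p.amount_cents
        self.send(self.registered[p.user_id],
                  f"Payment of {p.amount_cents / 100:.2f} validated")
        return Result.VALIDATED


if __name__ == "__main__":
    outbox = []                                     # constructed stand-in for SMS
    ctl = SystemController({"alice": "+6590000001"}, {"alice": 5000},
                           lambda dev, text: outbox.append((dev, text)))
    txn = ctl.initiate("alice", 1200)
    code = outbox[-1][1].split()[1]                 # what the user reads on the phone
    print(ctl.confirm(txn, code).value, "|", ctl.confirm(txn, code).value)
```
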



In accordance with another aspect of the invention, there is disclosed a 
computer program product with a computer usable medium having a computer 
readable program code means embodied therein for validating a transaction of a user 
of an electronic transaction system having a system controller, the computer program 
product including: 

computer readable program code means for receiving, by the system 
controller of the electronic transaction system, transaction information and 
user information from a transaction device coupled to the system controller, 
the transaction information and the user information being respectively 
associated with the transaction and the user; 

computer readable program code means for receiving, by the system
controller from a wireless portable communication device associated with the 
user, at least one identification code associated with the wireless portable 
communication device; 



computer readable program code means for verifying, by the system 
controller, the at least one identification code and the user information based 
upon registered information of the user, the registered information being 
stored in association with the system controller; 



and 



computer readable program code means for determining, by the 
controller, whether to validate the transaction in response to the verifying. 


Generally, the computer program product can further include computer 
readable program code means for invalidating the transaction when either the at least 
one identification code or the user information is not verified. 



Typically, the computer readable program code means for determining can 
include computer readable program code means for checking credit information of 
the user, the credit information being stored in association with the system controller. 



More typically, the computer program product can further include computer
readable program code means for validating the transaction based upon the checking.

Yet more typically, the computer program product can further include 
computer readable program code means for transmitting at least one message to the 
wireless portable communication device upon validating the transaction. 






Generally, the computer readable program code means for receiving the 
transaction information and the user information can include computer readable 
program code means for prompting the user to provide at least one input to obtain at 
least some of the user information. 



In accordance with another aspect of the invention, there is disclosed a
computer program product with a computer usable medium having a computer
readable program code means embodied therein for validating a transaction of a user 
of an electronic transaction system having a system controller, the computer program 
product including: 

computer readable program code means for receiving, by the system 
controller of the electronic transaction system, transaction information and 
user information from a transaction device coupled to the system controller, 
the transaction information and the user information being respectively 
associated with the transaction and the user; 

computer readable program code means for transmitting, by the system 
controller to a wireless portable communication device associated with the 
user, at least one transaction code associated with the transaction; 


computer readable program code means for receiving, by the system 
controller via the transaction device, the at least one transaction code for 
verification; 



and 



computer readable program code means for determining, by the
controller, whether to validate the transaction based upon the verification.

Generally, the computer program product can further include computer
readable program code means for invalidating the transaction when the verification
of the at least one transaction code fails.

Typically, the computer readable program code means for determining
includes computer readable program code means for checking credit information of 
the user, the credit information being stored in association with the system controller. 

More typically, the computer program product can further include computer 
readable program code means for validating the transaction based upon the checking. 

Yet more typically, the computer program product can further include 
computer readable program code means for transmitting at least one message to the 
wireless portable communication device upon validating the transaction. 

Generally, the computer readable program code means for receiving the 
transaction information and the user information can include computer readable 
program code means for prompting the user to provide at least one input to obtain at 
least some of the user information. 



Brief Description of the Drawings 

Embodiments of the invention are described hereinafter with 
reference to the drawings, in which: 



FIG. 1 is a schematic block diagram illustrating an electronic transaction
system in accordance with a preferred embodiment of the invention;

FIG. 2 is a flowchart illustrating processing of an identification code of a
wireless portable communication device in the electronic transaction system of FIG. 1;

FIG. 3 is a flowchart illustrating a user registration process to register users
for the electronic transaction system of FIG. 1;

FIG. 4 is a flowchart illustrating a process for a user of the electronic
transaction system of FIG. 1 to change a user ID and/or password;

FIG. 5 is a schematic block diagram of a system controller of the
electronic transaction system of FIG. 1;


FIGs. 6a to 6c are flowcharts illustrating a method for processing a typical 
Internet transaction of the electronic transaction system of FIG. 1; 

FIGs. 7a to 7c are flowcharts illustrating a method for processing a typical 
face-to-face transaction of the electronic transaction system of FIG. 1; and 

FIG. 8 is a block diagram of an example of a computer system capable of 
processing electronic transactions in the electronic transaction system of FIG. 1. 

Detailed Description 

An electronic transaction system, a method and a computer program product
for validating electronic transactions of users of the electronic transaction system in
accordance with a preferred embodiment of the invention are described. In the
following, numerous details are provided for a more thorough description. It shall be
apparent to one skilled in the art, however, that the invention may be practised
without such details. In other instances, well-known details have not been described
at length so as not to obscure the invention.

The advantages of the preferred embodiment of the invention are manifold.
One advantage is that electronic transactions, such as, for example, payments or
change of user information are effected using different communication media. This
enhances security of the electronic transaction system. Thus, opposite parties of, for
example, a payment transaction can verify information relating to each other and to
the payment transaction with the different communication media before validating
the payment transaction.



Another advantage of the preferred embodiment of the invention is that 
security and usability of the preferred embodiment of the invention can be easily 
established with existing wireless communication systems such as mobile phone 
networks. This makes for an easier acceptance of the preferred embodiment of the 
invention as users need not have to learn completely new processes. 

Yet a further advantage of the preferred embodiment of the invention is that 
infrastructure support for implementing the preferred embodiment is at least partly 
available when used with existing mobile phone networks having mobile phones 
with roaming capabilities. 



Referring now to FIG. 1, a schematic block diagram of an electronic
transaction system 10 in accordance with a preferred embodiment of the invention is
illustrated. The electronic transaction system 10 supports transactions such as, for
example, change of user information or payment for goods and services. The
electronic transaction system 10 includes a system controller 11. The system
controller 11 couples to a service provider 12, a wireless communication system 13,
the Internet 14 and a merchant acquirer 15.

The merchant acquirer 15 is responsible for recruitment of merchants
participating in the electronic transaction system 10. Merchants are sellers of goods
and services who have joined the electronic transaction system 10 and accept
payment through the electronic transaction system 10 either for face-to-face and/or
Internet transactions. For face-to-face transactions, the merchant acquirer 15 arranges
to install, maintain and route all transactions originating from a merchant location.
The merchant acquirer 15 thus coordinates with merchants in promoting use of the
electronic transaction system 10. In addition, the merchant acquirer 15 is a settlement
agent for participating merchants and is responsible for the proper conduct of such
participating merchants in accordance with rules and regulations of the electronic
transaction system 10.

5 The wireless communication system 13 supports at least one wireless 

portable communication device 16. The wireless communication system 13 can be, 
for example, a mobile phone network. In such a mobile phone network, the wireless 
portable communication device 1 5 is a mobile phone for a user to communicate with 
the system controller 1 1 . 

10 

As for transactions via the Internet 14, a user can access the system controller
11 using a transaction device 17. The transaction device 17 can be, for example, a
computer system coupled to the Internet 14. Typically, the user browses a merchant
website associated with the merchant server 18 using the computer system prior to
making a transaction. The transaction can be, for example, a purchase of goods or
services provided via the merchant website.



When a user makes transactions at a merchant location, a merchant
transaction device 19 is used to access the system controller 11. The merchant
transaction device 19 couples to the merchant acquirer via a private transaction
network 20.

Connection of the system controller 11 to the merchant acquirer 15 and
to the service provider 12 is via private transaction networks (PTNs) 20,21,22,
respectively. The use of the PTNs 20,21,22 enables control of communications
between the system controller 11 and the service provider 12 or the merchant
acquirer 15. Such control can be applied to leased lines, dial-up lines or wireless data
communication networks used in the PTNs 20,21,22. Furthermore, the
communications can be further protected by cryptographic methods to encrypt data in
such communications. Thus, controlling communications using the PTNs 20,21,22
can prevent or at least alleviate unauthorized access to the communications.

It is to be noted that transaction devices 17,19 include user input devices that
are not shown in FIG. 1. Such user input devices enable a user to provide information
related to a transaction that is being transacted.

The system controller 11 also couples via a PTN 23 to at least one clearing
bank 24 that is collectively indicated by a single block. The at least one clearing bank
24 supports financial transactions of the electronic transaction system 10 and is
responsible for settlement of user accounts of users from the service provider 12 or
the merchant acquirer 15.



In using the electronic transaction system 10, use of the wireless portable
communication device 16 is required at some stage of a transaction. In one
embodiment of the invention, an identification code that is unique to the wireless
portable communication device 16 is required for some transactions. Such an
identification code is possible for mobile phones. This is because mobile telephone
manufacturers as well as mobile telephone service providers are continually
improving or at least maintaining security features of mobile telephony. Consistent
with this development, most users or subscribers are currently registered with a
unique identification code. Such an identification code enables a mobile telephone to
operate when in the coverage area of different mobile telephone service providers.
The identification code may include alphanumeric characters.

Referring now to FIG. 2, a flowchart illustrates processing 30 of an
identification code received by the system controller 11. The identification code is
communicated to the system controller 11 when a system feature is selected. At step
31, a user communicates the identification code to the electronic transaction system
10 using the wireless portable communication device 16 via, for example, one or
more of the following communication modes:

a) Interactive voice response (IVR);

b) Short message system (SMS); and

c) Wireless application protocol (WAP).

These communication modes cater to users who have varying levels of comfort in
adapting to complex technology.

Use of the identification code enables the system controller 11 to ascertain
the intended purpose of the user in selecting the system feature at step 32. This
intended purpose can be to enable a system feature such as, for example, changing
user information or making a purchase of goods or services. When the
identification code is provided together with the selection of a system feature, the
system controller 11 can then enable the selected system feature to be subsequently
processed. The user information can include a user identification (ID) or password.
It is assumed that only a registered user of the wireless portable communication
device 16 can invoke the identification code for a transaction. Unauthorized use of
the wireless portable communication device 16 is not likely unless an unauthorized
user knows the user ID or password. The system controller 11 then time logs the
identification code at decision step 33. Within a specified time limit that is
configurable as a predetermined transaction parameter, the selected system feature is
enabled at step 34 with a 'No' from decision step 33. The user can then proceed with
the selected system feature. After the specified time limit expires and if the user does
not complete the intended purpose, the system controller 11 times out the
identification code. Thereafter, the system controller 11 generates an output message
at step 35 to inform the user via the wireless portable communication device 16
using, for example, SMS.

In providing for process 30, the electronic transaction system 10 has an
additional security procedure in which the user is clearly identified. This is because
the identification code can only originate from the wireless portable communication
device 16 that is registered to the user. Furthermore, with the identification code, the
electronic transaction system 10 is protected from computer hacking or other forms
of malicious intentions. This is because access to the system controller 11 requires
completion of the process 30 before any subsequent processing or access can
continue.

The identification code serves two purposes. First, it verifies that the user has
an intention to perform a function such as changing an assigned user ID and/or
password, or making a purchase. Second, the identification code is an additional
security feature that prevents unauthorized attempts to query a database for a correct
match of the user ID and password. Hence, use of the identification code, in
conjunction with a user ID and password, provides the electronic transaction system
10 with a security feature that is practical and easy to use.

Also, use of the system controller 11 ensures that confidential information
pertaining to transactions or users is not transmitted and/or stored on any other
servers. Such users need to register with the system controller 11 in order to use the
electronic transaction system 10.

Referring now to FIG. 3, a user registration process 40 to register users for
the electronic transaction system 10 is illustrated. In collaboration with the service
provider 12 of FIG. 1, subscribers of the wireless communication system 13 are
identified from databases of the service provider 12. These databases are represented
using a single block 41 in FIG. 3. The service provider 12 facilitates recruitment of
users from the subscribers and is also a collection agent for purchases incurred by
these users. The service provider 12 is also responsible for real time updating of user
data with the system controller 11.



The subscribers are invited to join as users of the electronic transaction
system 10 at step 42. Each subscriber is provided with an application form and
pre-assigned with a user ID and a password. The user ID is unique in that no two users
are given the same user ID. Thereafter, the subscriber has a choice of whether or not
to register as a user at decision step 43. If the subscriber declines or ignores an
invitation resulting in a 'No' from decision step 43, the user registration process 40
for that subscriber terminates at step 44. Otherwise, a 'Yes' from decision step 43 is
obtained when a subscriber submits the application form to the service provider 12 at
step 45.



To complete the user registration process 40 for a subscriber, staff of the
service provider 12 input user information pertaining to that subscriber at step 46.
Thereafter, the user information is provided, via the private transaction network
(PTN) 21, for storage into at least one storage location of the electronic transaction
system 10 at step 47. This at least one storage location is associated with the system
controller 11.



Following completion of the user registration process 40, a user account is
activated. A request by the user to enable a system feature such as to change the user
ID or password is processed by the system controller 11 using a process 50
illustrated by the flowchart of FIG. 4. The user can be connected to the system
controller 11 via, for example, the Internet 14.

Process 50 starts when the system controller 11 requests an identification
code from the user at step 51. The user identification code is provided using the
process 30. Upon selecting a system feature and, consequently, providing the
identification code, the user inputs a user ID at step 52. Thereafter, the system
controller 11 determines whether the user ID and the identification code are correctly
matched or verified at decision step 53. With a 'No' from decision step 53, the
system controller 11 determines at decision step 54 whether less than three attempts
have been made by the user to enter the user ID or whether a timeout has occurred.
The system controller 11 has a timeout feature that is activated if the user ID is not
received within a predetermined time period. With a 'No' following decision step 54,
the process 50 returns to step 52 in which the system controller 11 waits for the user
to re-enter the user ID and password. Otherwise, with a 'Yes' following decision step
54, the process 50 proceeds to step 55. At step 55, the system controller 11
terminates the process 50.

With a 'Yes' from decision step 53, the process 50 continues to step 56 in
which the system controller 11 prompts for a password. Thereafter, the system
controller 11 determines at decision step 57 whether the password is verified.
For a 'No' following decision step 57, the system controller 11
determines at decision step 58 whether less than three attempts have been made by
the user to enter the password or whether the timeout has occurred. With a 'Yes'
following decision step 58, the process 50 proceeds to step 59. At step 59, the system
controller 11 terminates the process 50, notifies the service provider 12 about the
failed attempts to access the system controller 11 and suspends the user account.

Following a 'Yes' from decision step 57, the process 50 continues to step 60
at which the user inputs a new user ID. The new user ID has to conform to
predetermined parameters in order to meet security requirements of the electronic
transaction system 10. At decision step 61, the system controller 11 checks for
uniqueness of the new user ID. If the new user ID is not unique, the process 50
returns with a 'No' to step 60. Otherwise, once the new user ID is determined to be
unique, the process 50 proceeds with a 'Yes' to step 62.

At step 62, the user inputs a new password and the process 50 continues with
step 63 at which the user has to re-enter the new password for confirmation. With the
new password ascertained, the system controller 11 verifies at decision step 64
whether the new password conforms to security requirements of the electronic
transaction system 10. A 'No' from decision step 64 results in the process 50
returning to step 63 to input another new password. Otherwise, a 'Yes' following
decision step 64 ends the process 50 at step 65 in which the user is informed of the
change in the user ID and/or password via an SMS transmitted to the wireless
portable communication device 16.



Thus far, user account set-up or changes to a user account initiated by a user
of the electronic transaction system 10 have been described. The set-up and changes
involve only the user accessing the system controller 11 via the wireless
communication system 13 or the Internet 14. Reference shall now be made to FIG. 5
to describe features of the system controller 11.

Referring now to FIG. 5, a schematic block diagram of the system controller
11 is illustrated. The system controller 11 maintains all user information and
transaction records. The service provider 12 can update the user information on-line.
The system controller 11 serves as an authenticating body for all transactions of the
electronic transaction system 10, manages usability of the electronic transaction
system 10 via the Internet 14, enables transaction confirmations to merchants and
provides settlement services to service providers and merchant acquirers
participating in the electronic transaction system 10.

The system controller 11 supports two verification processes as described
hereinbefore. Specifically, one of the two verification processes is to verify the
identification code associated with the wireless portable communication device 16 or
the merchant acquirer 15. The other one of the two verification processes is to verify
the user ID and password of a user. These two verification processes are separately
processed to isolate the user information and enhance security of the user
information and the system controller 11.

For non-Internet transactions, the system controller 11 has a communications
controller 71, a user account server 72 and a database server 73. The communications
controller 71 controls communications between the electronic transaction system 10
and either the wireless portable communication device 16 or the merchant acquirer.
The user account server 72 couples to the communications controller 71 and the
database server 73 to support transactions in which transaction information or user
information, such as user IDs and/or passwords, is to be verified. The database server
73 accesses information stored in a storage device 74 of the system controller 11.

For Internet transactions, the system controller 11 has a firewall 75, a Web
server 76, an applications server 77 and a database server 78. The firewall 75
provides a security shield for access to the system controller 11. The Web server 76
and the applications server 77 support users who access the system controller 11 via
the Internet 14. The database server 78 accesses information stored in the storage
device 74 of the system controller 11. It is to be noted that the storage device 74 is
common for the two verification processes.



Transactions in the electronic transaction system 10 can be carried out either
through the Internet via the user transaction device 17 or face-to-face at a merchant
location via the merchant transaction device 19. Typically, these transactions require
the following procedures for completion:

a) offer of goods and/or services by a merchant;

b) acceptance of the offer;

c) payment for the goods and/or services; and

d) delivery and receipt of the goods and/or services.

Typical transactions for the electronic transaction system 10 are described
with reference to the system controller 11 using FIGs. 6a to 6c and FIGs. 7a to 7c.

Referring now to FIGs. 6a to 6c, a method 100 for a typical Internet
transaction of the electronic transaction system 10 is illustrated with a flowchart.
Starting at step 101, a user is logged onto the Internet 14 to browse a merchant
Website supported by the merchant server 18. Prices and description of goods and
services are displayed to the user via the user transaction device 17. After selecting
one or more items to purchase, the user is typically queried as to a preferred mode of
payment for the items. This payment query is represented by decision box 102 in
which a controller of the merchant transaction device 19 determines whether the
payment mode selected requires use of the electronic transaction system 10.
Generally, merchant Websites offer different modes of payment for Internet
transactions. If the user selects other payment modes, then the method 100 continues
with a 'No' to step 103. Otherwise, if the user selects the payment mode of the
electronic transaction system 10, then the method 100 continues with step 104 in
which the controller of the merchant transaction device 19 establishes a connection
between the user transaction device 17 and the system controller 11. In addition, at
step 104, a computer program script is sent to the user transaction device 17 to
initiate communications with the system controller 11. Communications between the
user transaction device 17 and the system controller 11 are encrypted using known
encryption techniques such as, for example, SSL™ (Secure Sockets Layer).

The method 100 continues to step 105 in which the system controller 11
requests the user to issue an identification code associated with the wireless portable
communication device 16. This requires the user to provide the identification code as
described in the process 30. In addition, the system controller 11 extracts transaction
information of the purchase from the merchant transaction device 19. Following step
105, the method 100 continues to step 106 of FIG. 6b in which the user inputs a user
ID. This user ID is then verified, at decision step 107, with the identification code upon
reception of the latter by the system controller 11. It is to be noted that unless the
system controller 11 receives the identification code associated with the wireless
portable communication device 16 of the user, the method 100 cannot continue.
Hence, the system controller 11 has a timeout feature that is activated if the password
is not received within a predetermined time period. Thus, the system controller 11
also monitors the predetermined time period at decision step 107. With a 'No'
following decision step 107, the method 100 continues to decision step 108. At
decision step 108, the system controller keeps count of the number of failed attempts
at verifying the user ID with the identification code and also determines whether the
predetermined time period has expired. For less than three failed attempts, the system
controller 11 returns the method 100 with a 'No' back to step 106. Otherwise, when
three failed attempts have been recorded or the predetermined time period has
expired, the method 100 proceeds with a 'Yes' to step 109. At step 109, the system
controller 11 terminates the method 100 for this transaction.

Following a 'Yes' from decision step 107, the method 100 continues to step
111 in which the system controller 11 prompts the user to provide a password.
Thereafter, the method 100 continues to decision step 112 in which the system
controller 11 determines whether the password has been received and verified. In
decision step 112, the timeout feature is again activated if the password is not
received within the predetermined time period. Hence, for a 'No' in decision step
112, the method 100 continues to decision step 113 in which the system controller
keeps count of the number of failed attempts and monitors the predetermined time
period.



For a 'Yes' following decision step 113, the method 100 continues to step
114 in which the system controller 11 terminates the transaction. In addition, at step
114, the system controller 11 also notifies the service provider 12 of the failed
attempts to complete the transaction and suspends the user account. Otherwise, the
method 100 returns to step 111 to await another password input from the user
following a 'No' from decision step 113.



Returning to decision step 112, the method 100 continues to step 115 in FIG.
6c in which the system controller 11 checks credit information of the user. In
particular, the credit limit of the user is determined at decision step 116 in order to
continue the method 100. When the transaction is not within the credit limit of the
user, the method 100 proceeds with a 'No' to step 117. At step 117, the system
controller 11 terminates the transaction and sends a message to the user via the
wireless portable communication device 16 to request that the user check with the
service provider 12 on the credit limit. In addition, at step 117, the system controller
11 informs the service provider 12 of the incomplete transaction because of
insufficient credit limit.



The method 100 continues with a 'Yes' from decision step 116 to step 118 at
which the system controller 11 informs the user that the transaction is approved.
Thereafter, at step 119, the system controller 11 sends to the wireless portable
communication device 16 an SMS to confirm the transaction. With the transaction
confirmed, the system controller 11 updates a transaction log at step 120 and updates
the merchant server 18 with an approval code for the transaction at step 121. The
method 100 then terminates at step 121.

Referring now to FIGs. 7a to 7c, a method 200 for a typical face-to-face
transaction of the electronic transaction system 10 is illustrated with a flowchart. For
the method 200, the user is at a merchant location. The merchant location has the
merchant transaction device 19 for the user to access the electronic transaction
system 10. Hence, upon the user deciding to make a transaction such as payment for
a purchase, the merchant transaction device 19 is activated to connect to the system
controller 11 via the merchant acquirer 15. Connection between the merchant
transaction device 19 and the merchant acquirer 15 uses the PTN 20 to ensure
security of transactions therebetween.

Starting at step 201 in FIG. 6a, the merchant transaction device 19 establishes
a connection to the system controller 11. Thereafter, transaction information for the
transaction is provided to the system controller 11 at step 202. Upon receiving the
transaction information, the system controller 11 then generates a request for the user
ID and the password at step 203.

In response to the request, the user then inputs the user ID and the password
at the merchant transaction device 19 at step 204 in FIG. 6b. The user ID and the
password are then transmitted back to the system controller 11 from the merchant
transaction device 19. Receiving the user ID and the password, the system controller
11 then determines at decision step 205 whether the user ID and the password
match user information stored at the system controller 11. The system controller 11
in decision step 205 also applies the timeout feature. With a 'No' from decision step
205, the method 200 continues to decision step 206 in which the system controller 11
determines whether there have been three failed attempts to verify the user ID and
the password for the user. For a 'Yes' following decision step 206, the system
controller 11 terminates the transaction at step 207. Otherwise, for a 'No' following
decision step 206, the method 200 returns to step 204.

Returning to decision step 205, the method 200 continues with a 'Yes'
to step 208 at which the system controller 11 sends a transaction code to the user via
the wireless portable communication device 16. The system controller 11 randomly
generates the transaction code. Upon receiving the transaction code in, for example,
an SMS, the user then inputs the transaction code at the merchant transaction device
19 at step 209. Thereafter, the system controller 11 verifies the transaction code to
determine validity of the user at decision step 210.

With a 'No' following decision step 210, the process 200 continues to
decision step 211. At decision step 211, the system controller 11 determines if three
failed attempts have occurred or if the predetermined time period has expired. With a
'Yes' from decision step 211, the system controller 11 terminates the transaction at
step 212. At step 212, the system controller 11 also notifies the service provider 12 of
the terminated transaction and suspends the user account of the user.
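
The transaction-code check of steps 208 to 212 can be sketched as follows. This is
an added example in Python, not code from the specification; the class and callback
names, the 120-second limit and the six-digit code length are assumptions, since the
text only speaks of a randomly generated code and a predetermined time period. The
same three-attempt and timeout handling is what decision steps 54, 58, 108 and 113
describe.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 3          # three-attempt limit from decision step 211
CODE_TTL_SECONDS = 120    # assumed value for the "predetermined time period"
CODE_DIGITS = 6           # assumed length; the text does not specify one


class TransactionCodeVerifier:
    """Issues and checks one-time transaction codes (steps 208 to 212)."""

    def __init__(self, send_sms, notify_provider, clock=time.monotonic):
        self._send_sms = send_sms                # delivers the code to the registered phone
        self._notify_provider = notify_provider  # reports a suspension to the service provider
        self._clock = clock                      # injectable so the timeout can be tested
        self._pending = {}                       # user_id -> [code, issued_at, failed_attempts]
        self.suspended = set()

    def issue(self, user_id):
        """Step 208: generate a random code and send it out of band."""
        if user_id in self.suspended:
            raise PermissionError("account suspended")
        # secrets draws from the OS CSPRNG; a seeded PRNG would be predictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = [code, self._clock(), 0]
        self._send_sms(user_id, code)

    def verify(self, user_id, submitted):
        """Steps 209 to 212: returns 'approved', 'retry' or 'terminated'."""
        entry = self._pending.get(user_id)
        if entry is None or user_id in self.suspended:
            return "terminated"
        code, issued_at, _ = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            return self._terminate(user_id, "timeout")
        # Constant-time comparison so response timing does not reveal matching digits.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[user_id]           # single use: the code cannot be replayed
            return "approved"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            return self._terminate(user_id, "three failed attempts")
        return "retry"

    def _terminate(self, user_id, reason):
        """Step 212: end the transaction, notify the provider, suspend the account."""
        del self._pending[user_id]
        self.suspended.add(user_id)
        self._notify_provider(user_id, reason)
        return "terminated"


def demo():
    """Runs each outcome with a fake clock and a captured SMS (constructed data)."""
    now = [0.0]
    outbox, alerts = {}, []
    verifier = TransactionCodeVerifier(
        send_sms=lambda uid, code: outbox.__setitem__(uid, code),
        notify_provider=lambda uid, reason: alerts.append((uid, reason)),
        clock=lambda: now[0],
    )
    results = {}

    verifier.issue("alice")
    results["correct"] = verifier.verify("alice", outbox["alice"])
    results["replay"] = verifier.verify("alice", outbox["alice"])

    verifier.issue("bob")
    wrong = "x" * CODE_DIGITS                    # can never equal a numeric code
    results["guessing"] = [verifier.verify("bob", wrong) for _ in range(3)]
    results["after_lockout"] = verifier.verify("bob", outbox["bob"])

    verifier.issue("carol")
    now[0] += CODE_TTL_SECONDS + 1               # let the time limit expire
    results["late"] = verifier.verify("carol", outbox["carol"])

    results["alerts"] = alerts
    results["suspended"] = sorted(verifier.suspended)
    return results


if __name__ == "__main__":
    print(demo())
```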

Returning to decision step 210, and upon verification of the transaction code
with a 'Yes', the method 200 continues to step 213 in FIG. 7c. At step 213, the
system controller 11 checks credit information of the user to determine, for example,
the user's credit limit. Thereafter, at decision step 214, if the credit limit is exceeded,
a 'No' is generated and the method 200 continues to step 215. At step 215, the
system controller 11 terminates the transaction and sends a message to the user via
the wireless portable communication device 16 to request that the user check with
the service provider 12 on the credit limit. In addition, at step 215, the system
controller 11 informs the service provider 12 of the incomplete transaction because
of insufficient credit limit.



The method 200 continues with a 'Yes' from decision step 214 to step 216 at
which the system controller 11 informs the user that the transaction is approved.
Thereafter, at step 217, the system controller 11 sends the wireless portable
communication device 16 an SMS to confirm the transaction. With the transaction
confirmed, the system controller 11 updates a transaction log at step 218 and updates
the merchant server 18 with an approval code for the transaction at step 219. The
method 100 then terminates at step 219.



For decision steps 116 and 214 in the methods 100 and 200, respectively, the
credit limit of the user for a purchase is determined based on a rule table defined by
the service provider 12. For example, the rule table can define the following:

a) Maximum single purchase;

b) Domicile of a merchant using an exclusion table;

c) Currency of purchase using an exclusion table for foreign exchange controls;

d) Purchase limit for shipment to address other than the user's.



It is to be noted that the electronic transaction system 10 cannot assist users in
evaluating a merchant from whom they intend to make a purchase. However,
merchants who are guilty of any unscrupulous dealings shall not be allowed to
continue participating in the electronic transaction system 10.



It is further to be noted that the method 200 can be applied for Internet
transactions. In other words, the electronic transaction system 10 can be configured
such that a user of the user transaction device 17 is required to provide a transaction
code to the system controller 11 using the wireless portable communication device
16. This depends on how much security is desired by users of the electronic
transaction system 10.



To protect honest and reliable merchants, the electronic transaction system 10
ensures that a user is properly identified and has sufficient credit limit to complete a
transaction. Thus, the electronic transaction system 10 facilitates the two transactions
described in the methods 100 and 200.

The transaction log mentioned in step 120 of the method 100 and step 216 in
the method 200 keeps track of all failed attempts to log onto a user account.

The electronic transaction system 10 as described above provides for global
usage as users are not restricted to a physical location when using the wireless
portable communication device 16. Furthermore, infrastructure support for the
electronic transaction system 10 is at least partly available if the wireless
communication system 13 is implemented with existing mobile phone networks
having mobile phones with roaming capabilities.

The system controller 11 in the preferred embodiment of the invention can be
implemented using a computer program product such as, for example, a computer
system 300 as shown in FIG. 8. In particular, the processes 30, 40, 50 and methods
100 and 200 can be implemented as software, or computer readable program code
executing on the computer system 300.

The computer system 300 includes a processor 301, a video display 302, and
input devices 303, 304. A communication input/output (I/O) signal bus 305 provides
for inputs and outputs between the processor 301 and the three PTNs 20,21,22, the
wireless communication system 13 and the Internet 14.

The computer system 300 also includes a memory 306 that may include
random access memory (RAM) and read-only memory (ROM), input/output (I/O)
interfaces 7, 307, a video interface 308, and one or more storage devices generally
[...] FIG. 8 with the device 74. The memory 306 [...]
store the transaction code or the identification code when processing a transaction. A
common bus 309 links [...] computer system 300 to provide [...] transfers
when processing data for transactions.

The video interface 308 is connected to the video display 302 and provides
video signals from the computer system 300 for display on the video display 302.
User input to operate the computer system 300 can be provided by one or more of the
input devices 303,304 via the I/O interface 307. For example, a user of the computer
system 300 can use a keyboard as the input device 303 and/or a pointing device such
as a mouse as the input device 74. The keyboard and the mouse provide input to the
computer system 300. The storage device 74 can consist of one or more of the
following: a floppy disk, a hard disk drive, a magneto-optical disk drive, CD-ROM,
magnetic tape or any other of a number of non-volatile storage devices well known
to those skilled in the art. Each of the elements in the computer system 300 is
typically connected to other devices via a bus 81 that in turn can consist of data,
address, and control buses.



The processes 30, 40, 50 and methods 100 and 200 are effected by
instructions in the software that are carried out by the computer system 300. Again,
the software may be implemented as one or more modules for implementing the
method steps. That is, the system controller 11 can be a part of a computer readable
program code that usually performs a particular function or related functions.

In particular, the software may be stored in a computer readable medium,
including the storage device 74. The computer system 300 includes the computer
readable medium having such software or program code recorded such that
instructions of the software or the program code can be carried out. The use of the
computer system 300 preferably effects advantageous apparatuses for validating
transactions of the electronic transaction system 10.

The computer system 300 is simply provided for illustrative purposes and other
configurations can be employed without departing from the scope and spirit of the
invention. The foregoing is merely exemplary of the types of computers or computer
systems with which the embodiments of the invention may be practised. Typically,
the processes 30, 40, 50 and methods 100 and 200 of the embodiments are resident as
software or a computer readable program code recorded on a hard disk drive
(generally depicted as the storage device 74) as the computer readable medium, and
read and controlled using the system controller 11. Intermediate storage of the
program code and media content data and any data fetched from the network may be
accomplished using the memory 306, possibly in concert with the storage device 74.

In some instances, the program may be supplied to the user encoded on a
CD-ROM or a floppy disk (both generally depicted by the storage device 74), or
alternatively could be read by the user from the network via a modem device
connected to the computer system 300. Still further, the computer system 300 can
load the software from other computer readable media. This may include magnetic
tape, a ROM or integrated circuit, a magneto-optical disk, a radio or infra-red
transmission channel between the computer and another device, a computer readable
card such as a PCMCIA card, and the Internet and Intranets including email
transmissions and information recorded on Internet sites and the like. The foregoing
is merely exemplary of relevant computer readable media. Other computer readable
media may be practised without departing from the scope and spirit of the invention.



The electronic transaction system 10 as described in the above preferred
embodiment of the invention advantageously overcomes or at least alleviates the
disadvantages of conventional electronic transaction systems for validating a
transaction.

In the foregoing description, an electronic transaction system, a method and a
computer program product for validating electronic transactions of users of the
electronic transaction system are described. Although a preferred embodiment is
described, it shall be apparent to one skilled in the art in view of this preferred
embodiment that numerous changes and/or modifications can be made without
departing from the scope and spirit of the invention.

Claims:

1. An electronic transaction system for validating a transaction of a user of said
electronic transaction system, said electronic transaction system having a 
system controller, includes: 

means for receiving, by said system controller of said electronic 
transaction system, transaction information and user information from a 
transaction device coupled to said system controller, said transaction 
information and said user information being respectively associated with said 
transaction and said user; 

means for receiving, by said system controller from a wireless portable 
communication device associated with said user, at least one identification 
code associated with said wireless portable communication device; 

means for verifying, by said system controller, said at least one
identification code and said user information based upon registered
information of said user, said registered information being stored in
association with said system controller;

and

means for determining, by said controller, whether to validate said
transaction in response to said verifying.



2. The electronic transaction system as claimed in Claim 1, and further
including means for invalidating said transaction when either said at least one
identification code or said user information is not verified.



3. The electronic transaction system as claimed in Claim 1, wherein said
determining means includes means for checking credit information of said
user, said credit information being stored in association with said system
controller.



4. The electronic transaction system as claimed in Claim 3, and further 
including means for validating said transaction based upon said checking. 

5. The electronic transaction system as claimed in Claim 4, and further 
including means for transmitting at least one message to said wireless 
portable communication device upon validating said transaction. 

6. The electronic transaction system as claimed in Claim 1, wherein said means 
for receiving said transaction information and said user information includes 
means for prompting said user to provide at least one input to obtain at least 
some of said user information. 
An electronic transaction system for validating a transaction of a user of said
electronic transaction system, said electronic transaction system having a 
system controller, includes: 

means for receiving, by said system controller of said electronic 
transaction system, transaction information and user information from a 
transaction device coupled to said system controller, said transaction 
information and said user information being respectively associated with said 
transaction and said user; 


means for transmitting, by said system controller to a wireless portable 
communication device associated with said user, at least one transaction code 
associated with said transaction; 

means for receiving, by said system controller via said transaction device, 
said at least one transaction code for verification; 

and 

means for determining, by said system controller, whether to validate said 
transaction based upon said verification. 

The electronic transaction system as claimed in Claim 7, and further 
including means for invalidating said transaction when said verification of 
said at least one transaction code fails. 

The electronic transaction system as claimed in Claim 7, wherein said 
determining means includes means for checking credit information of said 
user, said credit information being stored in association with said system 
controller. 
10. The electronic transaction system as claimed in Claim 9, and further
including means for validating said transaction based upon said checking. 

11. The electronic transaction system as claimed in Claim 10, and further
including means for transmitting at least one message to said wireless
portable communication device upon validating said transaction.

12. The electronic transaction system as claimed in Claim 7, wherein said means
for receiving said transaction information and said user information includes
means for prompting said user to provide at least one input to obtain at least
some of said user information.
A method for validating a transaction of a user of an electronic transaction
system, said method including the steps of: 

receiving, by a system controller of said electronic transaction system, 
transaction information and user information from a transaction device 
coupled to said system controller, said transaction information and said user 
information being respectively associated with said transaction and said user; 

receiving, by said system controller from a wireless portable 
communication device associated with said user, at least one identification 
code associated with said wireless portable communication device; 

verifying, by said system controller, said at least one identification code
and said user information based upon registered information of said user, said
registered information being stored in association with said system controller;

and 

determining, by said system controller, whether to validate said 
transaction based upon said verifying step. 

The method as claimed in Claim 13, and further including the step of 
invalidating said transaction when either said at least one identification code 
or said user information is not verified. 


The method as claimed in Claim 13, wherein said determining step includes 
the step of checking credit information of said user, said credit information 
being stored in association with said system controller. 

The method as claimed in Claim 15, and further including the step of 
validating said transaction based upon said checking step. 
The method as claimed in Claim 16, and further including the step of
transmitting at least one message to said wireless portable communication 
device upon validating said transaction. 

The method as claimed in Claim 13, wherein said step of receiving said 
transaction information and said user information includes the step of 
prompting said user to provide at least one input to obtain at least some of 
said user information. 
19. A method for validating a transaction of a user of an electronic transaction
system, said method including the steps of: 



receiving, by a system controller of said electronic transaction system, 
transaction information and user information from a transaction device 
coupled to said system controller, said transaction information and said user 
information being respectively associated with said transaction and said user; 



transmitting, by said system controller to a wireless portable
communication device associated with said user, at least one transaction code
associated with said transaction;



receiving, by said system controller via said transaction device, said at 
least one transaction code for verification; 


and 



determining, by said system controller, whether to validate said 
transaction based upon said verification. 


20. The method as claimed in Claim 19, and further including the step of
invalidating said transaction when said verification of said at least
one transaction code fails.



21. The method as claimed in Claim 19, wherein said determining step includes
the step of checking credit information of said user, said credit information
being stored in association with said system controller.

22. The method as claimed in Claim 21, and further including the step of
validating said transaction based upon said checking step.

The method as claimed in Claim 22, and further including the step of
transmitting at least one message to said wireless portable communication 
device upon validating said transaction. 

The method as claimed in Claim 19, wherein said step of receiving said 
transaction information and said user information includes the step of 
prompting said user to provide at least one input to obtain at least some of 
said user information. 



A computer program product with a computer usable medium having a
computer readable program code means embodied therein for validating a 
transaction of a user of an electronic transaction system having a system 
controller, said computer program product including: 

computer readable program code means for receiving, by said system 
controller of said electronic transaction system, transaction information and 
user information from a transaction device coupled to said system controller, 
said transaction information and said user information being respectively 
associated with said transaction and said user; 

computer readable program code means for receiving, by said system 
controller from a wireless portable communication device associated with 
said user, at least one identification code associated with said wireless 
portable communication device; 

computer readable program code means for verifying, by said system 
controller, said at least one identification code and said user information 
based upon registered information of said user, said registered information 
being stored in association with said system controller; 

and 

computer readable program code means for determining, by said 
controller, whether to validate said transaction in response to said verifying. 

The computer program product as claimed in Claim 25, and further including 
computer readable program code means for invalidating said transaction 
when either said at least one identification code or said user information is 
not verified. 
27. The computer program product as claimed in Claim 25, wherein said
computer readable program code means for determining includes computer
readable program code means for checking credit information of said user, 
said credit information being stored in association with said system 
controller. 



The computer program product as claimed in Claim 27, and further including 
computer readable program code means for validating said transaction based 
upon said checking. 

The computer program product as claimed in Claim 28, and further including 
computer readable program code means for transmitting at least one message 
to said wireless portable communication device upon validating said 
transaction. 



30. The computer program product as claimed in Claim 25, wherein said
computer readable program code means for receiving said transaction
information and said user information includes computer readable program
code means for prompting said user to provide at least one input to obtain at
least some of said user information.
A computer program product with a computer usable medium having a
computer readable program code means embodied therein for validating a 
transaction of a user of an electronic transaction system having a system 
controller, said computer program product including: 

computer readable program code means for receiving, by said system 
controller of said electronic transaction system, transaction information and 
user information from a transaction device coupled to said system controller, 
said transaction information and said user information being respectively 
associated with said transaction and said user; 

computer readable program code means for transmitting, by said system 
controller to a wireless portable communication device associated with said 
user, at least one transaction code associated with said transaction; 

computer readable program code means for receiving, by said system 
controller via said transaction device, said at least one transaction code for 
verification; 

and 

computer readable program code means for determining, by said 
controller, whether to validate said transaction based upon said verification. 

The computer program product as claimed in Claim 31, and further including 
computer readable program code means for invalidating said transaction 
when said verification of said at least one transaction code fails. 

The computer program product as claimed in Claim 31, wherein said 
computer readable program code means for determining includes computer 
readable program code means for checking credit information of said user, 
said credit information being stored in association with said system
controller. 



The computer program product as claimed in Claim 33, and further including 
computer readable program code means for validating said transaction based 
upon said checking. 

The computer program product as claimed in Claim 34, and further including 
computer readable program code means for transmitting at least one message 
to said wireless portable communication device upon validating said 
transaction. 



The computer program product as claimed in Claim 31, wherein said 
computer readable program code means for receiving said transaction 
information and said user information includes computer readable program 
code means for prompting said user to provide at least one input to obtain at 
least some of said user information. 
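
The transaction-code flow of Claims 19 and 20 (transmit a code to the user's wireless device, receive it back via the transaction device, invalidate on a failed verification), sketched as an added example that is not part of the patent text. The class and method names, the six-digit code format, the single-use rule and the constant-time comparison are assumptions of this sketch.

```python
import hmac
import secrets


class SystemController:
    """Hypothetical controller for the Claim 19/20 flow (all names are assumptions)."""

    def __init__(self, registered_users, send_to_device):
        self.registered = registered_users    # user_id -> registered wireless device
        self.send_to_device = send_to_device  # callable(device, message): wireless channel
        self.pending = {}                     # transaction_id -> (user_id, code)

    def begin(self, transaction_id, user_id):
        """Receive transaction and user information from the transaction device,
        then transmit a fresh transaction code to the user's wireless device."""
        device = self.registered.get(user_id)
        if device is None or transaction_id in self.pending:
            return False
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6-digit random code
        self.pending[transaction_id] = (user_id, code)
        self.send_to_device(device, code)
        return True

    def confirm(self, transaction_id, user_id, entered_code):
        """Receive the code back via the transaction device and decide.
        The pending entry is removed on every attempt, so a failed verification
        invalidates the transaction (Claim 20) and a code cannot be replayed."""
        entry = self.pending.pop(transaction_id, None)
        if entry is None:
            return False
        expected_user, code = entry
        same_user = hmac.compare_digest(expected_user.encode(), user_id.encode())
        same_code = hmac.compare_digest(code.encode(), str(entered_code).encode())
        return same_user and same_code


def demo():
    """Constructed run: a valid confirmation, a replay, a wrong code, a retry."""
    outbox = []  # stands in for the wireless channel to the user's device
    ctl = SystemController({"alice": "device-A"},
                           lambda device, msg: outbox.append((device, msg)))
    ctl.begin("tx-1", "alice")
    ok = ctl.confirm("tx-1", "alice", outbox[-1][1])
    replay = ctl.confirm("tx-1", "alice", outbox[-1][1])
    ctl.begin("tx-2", "alice")
    wrong = ctl.confirm("tx-2", "alice", "not-the-code")
    retry = ctl.confirm("tx-2", "alice", outbox[-1][1])
    return ok, replay, wrong, retry
```

Binding each code to one transaction identifier and one user means a code issued for one transaction cannot validate another.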